
HTML5 in practice: pure-web RDP remote desktop connections

Source: compiled by this site  Author: anonymous  Date: 2016-01-04

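Lately I have been thinking about how to make bastion hosts easier to deploy and develop. Linux bastion hosts are inconvenient in many respects, especially for human-computer interaction and because the range of common software is limited, while Windows bastion hosts are not very convenient to deploy, in particular because a client has to be installed. So I wondered whether a pure-web way of doing remote desktop connections existed. After some research I found that it really does, but it relies on many HTML5 features that some browsers still do not support. In the long run, though, the trend is fairly clear, especially since tablets and mobile apps now favor HTML5 support.
How it works: reproduced directly from an article found online.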
Earlier this week, I wrote about my initial thoughts on the Chromebook, and I talked a little bit about HTML5 remote desktop clients, specifically AccessNow from Ericom. In the comments, we also heard from the creator of Spark View, Walter Wang. Walter's comment, plus a subsequent phone call with Ericom, helped to shed some light on exactly how Chrome (and other HTML5 compliant browsers, which is all of the big ones now, I think) use HTML5 technologies to show remote desktops. In that article, I speculated that Ericom was somehow wrapping RDP and shipping it to the client. It turns out that what actually is happening is a bit more complex, and it involves translating RDP data for consumption by the browser. Before I get too far ahead, though, let's break this down.
There are two key technologies that enable remote desktop clients within a browser, WebSockets and Canvas. WebSockets is how the remote desktop data is sent from your environment to the browser, and Canvas is the technology that allows it to be redrawn on the screen.
WebSockets is a protocol/API that is built in to all the recent browsers that allows for continuous transmission of data via one TCP socket, as opposed to HTTP, which requires each request to have a response. Multiple requests, then, require multiple connections, which is pretty complex and inefficient for anything that needs to have a realtime feel to it. WebSockets changes this by essentially opening a channel between the client and the server that remains open between requests. The main drawback of WebSockets is that it only supports textual data, not binary data (which is what remote protocols use), which we'll get into later.
Canvas was created by Apple way back in 2004, and has grown into being a native HTML5 element. Canvas enables the ability to control every single pixel discretely through the use of javascript, which allows the browser to render 2d graphics dynamically. When you see animations or games that play in the browser and don't use Flash (i.e. HTML5 games like Angry Birds for Chrome), you're seeing Canvas in action. For remote desktop connections, the client (in this case, mostly a javascript program) consumes the data coming in via WebSockets and draws the desktop on the screen via Canvas.
Right now you may be thinking "Canvas...no binary data support...that's not RDP at all," which is absolutely correct. But if what you're using at the client isn't RDP, then how is this working? The secret there is with a gateway of sorts. Ericom calls this AccessNow Server (which is really just a lightweight service), and Spark View calls it a Spark Gateway. In both cases, these gateways establish an RDP session with the remote host and translate (or re-encode) that binary data into textual data for use with WebSockets. That text data is sent on to the browser where the client interprets that data and draws it on the screen with Canvas.
The entire process looks something like this:

[Figure: diagram of the process]

Ericom has also introduced a version of AccessNow that works with VMware View. There's an added step that involves hosting the web client on a View server so that it can take advantage of the View Open Client, which handles authentication and desktop selection before handing the connection off to the AccessNow Server (remember, that's more of a service than a server). Ultimately, they view this as a way to expand endpoint support for VMware View to anything with an HTML5-compliant browser, which will level the playing field with Citrix when it comes to number of client devices supported by the platform.
At this point, AccessNow does not support virtual keyboards like what you would find on iOS or Android devices. It appears that only Spark View supports those types of devices today, although I haven't had a chance to actually look at the product yet. We know Walter reads this blog, though, so maybe he can comment :) Ericom has said that they are close to providing it, they just want to make sure they get it right before releasing the next version.
Since the Citrix HTML5 client hasn't been released yet, I'm not sure how it works. I imagine it has the same basic architecture, though, while utilizing some of Citrix's existing components (web interface, connection broker, NetScaler, etc...). It's my plan to do an HTML5 remote desktop client roundup when Citrix releases theirs, but if that winds up being too far out, I'll do it without them. It's all so new, though, it seems only fair to give it a little more time.
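
The gateway-to-browser path described in the article (binary screen data re-encoded as text, sent over a WebSocket, redrawn on a Canvas) is sketched below as an added example; it is not code from the original article, Ericom or Spark View. The message format, the `MAX_DIM` limit and all function names are hypothetical, and the point is the validation a browser client should apply to every update before writing pixels.

```javascript
// Added example: hypothetical text framing for one screen update.
// This is NOT the AccessNow or Spark View wire format.
const MAX_DIM = 4096; // assumed upper bound on desktop width/height

// Gateway side: re-encode a binary RGBA rectangle as a WebSocket text message.
function encodeUpdate(x, y, w, h, rgba) {
  return JSON.stringify({ t: "rect", x, y, w, h, px: Buffer.from(rgba).toString("base64") });
}

// Browser side: parse and validate a message before touching the framebuffer.
// Returns the decoded rectangle, or throws on malformed or out-of-bounds input.
function decodeUpdate(text, fbWidth, fbHeight) {
  const m = JSON.parse(text);
  if (m === null || typeof m !== "object" || m.t !== "rect") throw new Error("unknown message type");
  for (const k of ["x", "y", "w", "h"]) {
    if (!Number.isInteger(m[k]) || m[k] < 0 || m[k] > MAX_DIM) throw new Error("bad field " + k);
  }
  if (m.w === 0 || m.h === 0) throw new Error("empty rectangle");
  if (m.x + m.w > fbWidth || m.y + m.h > fbHeight) throw new Error("rectangle outside canvas");
  if (typeof m.px !== "string" || !/^[A-Za-z0-9+/]*={0,2}$/.test(m.px)) throw new Error("px is not base64");
  const px = Buffer.from(m.px, "base64"); // in a browser: atob() into a Uint8ClampedArray
  if (px.length !== m.w * m.h * 4) throw new Error("pixel length mismatch");
  return { x: m.x, y: m.y, w: m.w, h: m.h, px };
}

// Copy the rectangle into an RGBA framebuffer laid out like Canvas ImageData.data.
// In a browser this step is ctx.putImageData(new ImageData(px, w, h), x, y).
function blit(fb, fbWidth, r) {
  for (let row = 0; row < r.h; row++) {
    const src = row * r.w * 4;
    const dst = ((r.y + row) * fbWidth + r.x) * 4;
    fb.set(r.px.subarray(src, src + r.w * 4), dst);
  }
  return fb;
}

// Constructed sample: a 2x1 red/blue rectangle drawn at (1,1) on a 4x3 canvas.
function demo() {
  const fb = new Uint8ClampedArray(4 * 3 * 4);
  const msg = encodeUpdate(1, 1, 2, 1, [255, 0, 0, 255, 0, 0, 255, 255]);
  return blit(fb, 4, decodeUpdate(msg, 4, 3));
}
```

In this architecture the gateway terminates the RDP session, so it handles the desktop contents in the clear and belongs inside the same trust boundary as the bastion host itself.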
